Aggregated bug-fixes for 7.10.0

Last Update: 2018-12-13

Patch Release 4993 (2018-12-03)

Shipped Components and Versions

Fixed Bugs

61720 High CPU usage on middlware nodes - lot of long running mail parsing threads

Used regular expression while performing html-to-text conversion may keep a thread running excessively long.This has been fixed by applying configurable* HTML parser timeout also to html-to-text conversion. If timeout kicks-in a fall-back html2-text conversion is performed. See setting “com.openexchange.html.parse.timeout” (defaults to 10 seconds).

61655 Blocked Databases after chronos update could not be (unb)locked using unblockdatabase

Now try to detect possible read timeout while attempting to unlock database schema during update process. If so, invalidate context cache nevertheless to solve this issue.

61615 Calendar export still 0 bytes

For some special cases it is still not possible to export the calendar.Improfed logging by delaying obtaining HTTP response’s output stream until actually needed & ensure causing exception gets logged.

61613 Caldav issue after partly update to 7.10

A fallback path mapping for CalDAV clients that synchronize a single static collection causes calendars to appear duplicated in another 3rd party client that does not remove any longer advertised collections automatically.Try fallback to legacy collection name only for Thunderbird/Lightning as a workaround.

61465 Update task ChronosStorageMigrationTask fails on upgrade to 7.10

This has been solved by don’t using surrounding database connection if setting “com.openexchange.calendar.migration.intermediateCommits” is set to “true” (default).

61457 GoogleSubscriptionsMigrationTask fails on upgrade to 7.10 when Chronos update tasks are disabled

Users has subscriptions, which they can’t see (anymore).This has been solved by ignoring those folders. After executing the update task again the remaining subscription should be properly removed.

61420 Profile picture not shown with pim mac

When “globaladdressbookdisabled” permission is contained in applicable module access combination even requesting own user contact picture was forbidden.This has been fixed by always allowing requesting own user contact picture regardless of “globaladdressbookdisabled” permission.

61417 Google oauth not working

The ‘scopes’ parameter (which in Google’s case is a URL) was erroneously detected as a location and was URL encoded.This has been solved by not using URL encoding for location.

61388 Signatures not above quoted text

Signatures where not above quoted text when forwarding an email.This has been solved by adding com.openexchange.mail.forwardUnquoted” setting to JSlob.

61385 Automatic sign out feature is not using custom logoutLocation

This has been solved by forcing reload only when current host and pathname matches target url.

61254 Problems with the IOS Calendar App sync after upgrade to 7.10

When a CalDAV client performs a listing of all child resources in an event collection, some specific event properties need to be queried from the storage that was not yet whitelisted when checking against the configured maximum list of returned results. This led to an internal error, which was indicated as HTTP 400 for the client.This has been solved by allowing unlimited result lists when getting CalDAV-specific meta properties from events.

60619 Drive visible although capability is false

Settings did not respect a possible upsell configuration.This has been fixed by adding a check to disable App settings for upsell apps.

Patch Release 4970 (2018-12-06)

Shipped Components and Versions

Fixed Bugs

253 New server key and new Push certificate

This driverestricted patch includes a new server key to enable fcm Push for Drive Android and a new iOS Push certificate.

Patch Release 4966 (2018-11-19)

Shipped Components and Versions

Fixed Vulnerabilities

60089 CVE-2018-18462

CVSS: 5.4

60088 CVE-2018-18462

CVSS: 5.3

60025 CVE-2018-18463

CVSS: 4.8

Fixed Bugs

61293 Moveuserfilestore inserts new entry in table filestore2user instead of updating the existing one

Wrong PRIMARY KEY specified for “filestore2user” table, which allows duplicate entries per user.This has been solved by avoiding duplicate entries in “filestore2user” table when moving user’s file storage.

61185 External user failed to load messages in OX guard

External user wasn´t able to read encrypted emails.This has been fixed by not using global mail settings for Guard Guest accounts.

61044 Dav account shows up multiple times in security active clients

Missing conversion when receiving clients of family webdav. Until now, the CalDAV/CardDAV fallback was used.This has been solved by showing WebDAV for webdav clients in the UI.

60936 Webdav mount shown as caldav

Also fixed by the Bugfix from #61044.

60889 Provisioning calls do not always consider server name/ID when looking up contexts

Missed possibility to check if a context exists in a certain server.This has been solved by adding possibility to check a context’s existence in the scope of the registered server, in which the called provisioning node is running in. Thus the client is able to check before-hand, in which setup a context exists.

60850 Mail windows not usable after re-login

Missing fail handler for savepoints.Solution: Being robust when savepoints are incomplete and remove savepoints of deleted draft mails.

59528 MSG-0032 Categories=USER_INPUT Message=‘Mail could not be found’

It was not possible to display messages fetched from IMAP having a corrupt BODYSTRUCTURE information.More robust handling with IMAP messages having a corrupt BODYSTRUCTURE information solve this issue.

59054 Mail with 2 or more attachments - only 1 attachment gets forwarded

When using reset on a backbone collection with plain js objects, the reset function removes objects which looks like to have the same identifier.This has been solved by preventing this by creating models first and then use reset.

Patch Release 4933 (2018-11-05)

Shipped Components and Versions

Fixed Bugs

61026 Setting menu does not move when browser windows get maximized

No closing on resizing let to this issue.This has been fixed by adding event handler to close dropdowns on resize.

61023 Translation error on tooltip

Wrong function was used to get the translated text.Now using correct function to get the right translation.

60928 Calendar export 0 bytes

It was not possible to export a calendar.This has been fixed by avoiding IAE when TimeZone can’t be found by adding NullGuard.

60909 com.openexchange.smtp.smtpLocalhost is by default null

Changed interpretation of the default value for “com.openexchange.smtp.smtpLocalhost” property.This has been solved by restoring proper interpretation of the default value for “com.openexchange.smtp.smtpLocalhost” property.

60901 OXContextServicePortType.createModuleAccessByName(Context ctx, User user, String access_comb, Credentials auth, SchemaSelectStrategy strategy) is not backward compatible

Transferring deprecated “clusterWeight” element leads to a SOAP fault.This has been solved by ignorring deprecated “clusterWeight” element in incoming SOAP request.

60874 OXUserServicePortType.change(Change ch) method is not backward compatible

Naming changed from “drive_folder_mode” to “drive_user_folder_mode”.Solution: Accept & output alternative “drive_folder_mode” element for passing “drive_user_folder_mode”

60828 Segmented updates don’t work with multiple domains

The feature has been designed to only serve one migrationRedirect URL.This has been solved by adding the possibility to configure the migrationRedirectURL on a per-host base via the as-config.yml

60826 Sharing is not fully capable to deal with “segmented updates”

The LOCATED_IN_ANOTHER_SERVER exception was not properly handled in the ShareServlet.This has been fixed by handling the exception properly, i.e. redirect the client to the appropriate node. Introduced a new migrationRedirectURL property for the ShareServlet to use in order to send a redirect to the correct node.

60698 Contact list selected, contacts get deselected when clicking on group header

No differentiation between keyboard “clicks” and touch/mouse “clicks”.Support autoselect only for keyboard navigation to solve this.

60457 Search intermittently displays no folder information with results

Increase robustness for mail by using loader information directly instead of a derived property value. Now the folder is always displayed in a search result.

60161 IP change detected with X-Forward

Websocket request didn’t consider the x-forward header.Now properly consider the header and configured whitelisted ips.

58329 Multiple taxonomyTypes definitions possible for one context

Changes that were made (for release 7.10.0) to improve the provisioning have been made on the wrong assumption that the primary key for the table ‘contextAttribute’ is defined as (cid,name) but it was configured to be (cid,name,value).This has been fixed by adjusting primary key to be (cid,name) and properly prepare content before.

Patch Release 4930 (2018-10-22)

Shipped Components and Versions

Fixed Bugs

60388 “Forgotten attachment?” message displays by sending e-mail in NL

Dutch translation contained a double pipe (||) which was used in a regular expression which matches all strings.This has been solved by making the code more robust against empty strings.

Patch Release 4918 (2018-10-16)

Shipped Components and Versions

Fixed Bugs

60789 Inconsistent Chronos update task dependencies

Documentation was not up to date about newly added update tasks.Updated Documentation.

60745 Database migration fails with max key length

No explicit change of column length in keys on liquibase changesets.This has been fixed by changing key definition.

60718 Strange error message when Quota is exceeded

Simplified the message. Message is not translated in every language yet.

60695 High Garbage Collection activity after upgrade

Prevent infinite loop on certain bad IMAP responses to solve this issue.

60565 No UI message if pop account not working

The error handler for errors like this was missing.This has been solved by adding the missing error handler. If an account is unfunctional a popup appears announcing the error. In case of a pop3 account this happens after the configured refresh interval.

60380 Address book sort order is different based on the number of contacts

Sortname was the same with multiple contacts, so no clear sorting order.This has been fixed by adding the first valid mail address as second sorting criteria, if sortnames are the same.

60277 Vcard gets attached multiple times

Wrong vCard file name representations are compared.This has been solved by checking proper vCard file name representations.

58895 Contacts with Email 2 field in distribution list do not populate

No filtering and yells for those emails.This has been solved by adding yells and filtering.

Patch Release 4897 (2018-10-01)

Shipped Components and Versions

Fixed Bugs

60418 Calendar not displayed

When the same email address is set as an alias for multiple users, a calendar user address URI may get resolved to the wrong user.Prefer referenced user’s addresses when resolving calendar user addresses to solve this issue.

60274 Login - password length restricted to 100 characters (maxlength=“100”)

This has been solved by increasing MaxLength for password.

60262 Changing a user’s email address leads to invalid calendar user errors for existing events

Changing the email address with the command line tools led to error messages.This has been solved by checking if passed user reference contains updated email addresses or aliases.

60140 Mail content not displayed

Sanitizer removed attributes needed for mail styling.This has been solved by improving sanitizer so styles are preserved.

60013 Attachment actions not shown on certain mail

Content type with upper case letters do not pass the attachment check for inline-images.Made content type check case-insensitive for inline-images to solve this issue.

60011 Calendar Recurrence when selected with a specific End Date is displaying as Day-1 after saving

The date is stored in utc but was converted to a localized date by momentjs which could lead to a wrong date in some cases.This has been fixed by converting the rule to a date in utc time to prevent timezone offsets to display a different date.

59957 Mail selected after login, might not be visible to user

Selected mail not scrolled into view.Now scroll selected mail into view to have this mail displayed.

Patch Release 4882 (2018-09-17)

Shipped Components and Versions

Fixed Bugs

60212 [Backport] /ajax/folders?action=allVisible does not respect the“com.openexchange.mail.hidePOP3StorageFolders” setting

When an appsuite user has a POP3 secondary account and the “com.openexchange.mail.hidePOP3StorageFolders” setting is configured to true this setting was not respected and POP3 folders were returned as private folders of the primary account.

60104 [Backport] FCM Support

Migrated from the legacy GCM to the new FCM (Firebase Cloud Messaging) when sending push notifications to the OX Drive clients on Android.

60017 WebDAV upload overrides context quota and can thus fill up underlying filestore

Proper cleanup in case of runtime exceptions while writing to filestore.

Patch Release 4870 (2018-09-03)

Shipped Components and Versions

Fixed Bugs

59914 Compromised Account Email Headers

App Suite UI passed wrong information to Open-Xchange Server in case personal part of “From” address contains brackets as a workaround for another old issue.This has been solved by removing the workaround.

59833 Not possible to add pop3 account

Trying to issue an ‘EXAMINE’ command against a non-existent folder yields a ‘javax.mail.FolderNotFoundException’.This has been fixed by treating a possible ‘javax.mail.FolderNotFoundException’ as folder cannot be opened.

59756 Sieve Rule with “redirect” and “keep” are changed to “redirect :copy”

When creating the auto-forward rule it was not checked if the used sieve action “copy” exists.Now, if the sieve action “copy” is not available the combination “redirect” / “keep” is retained to solve this issue.

59753 Error when dragging mail from an externally linked account

The lsub entry couldn’t be resolved because of a naming mismatch: “Inbox” vs “INBOX”.This has been fixed by storing lsub entries also under the original fullname, so no error is displayed while moving mails from external accounts.

59692 Archive folder not created automatically

Trying to issue an ‘EXAMINE’ command against a non-existent folder yields a ‘javax.mail.FolderNotFoundException’.This has been fixed by treating a possible ‘javax.mail.FolderNotFoundException’ as folder cannot be opened.

59684 Draft email with vcard sending not working

The “vcard” parameter was parsed and written differently.Solution: Lenient evaluation of “vcard” parameter.

57850 Logging out as test user (sometimes) not possible

Mail compose did not unregister it’s logout extension point if startup fails. This causes the logout to abort as the extension is still there for a non-existing mail compose instance.This has been fixed by removing logout extension if app startup fails.

Patch Release 4863 (2018-08-20)

Shipped Components and Versions

Fixed Vulnerabilities

59653 CVE-2018-13104

CVSS: 5.4

59507 CVE-2018-13105

CVSS: 3.5

Fixed Bugs

59711 Grizzly not starting if iprange can’t be resolved

The hostname was is used to create the octets. If the hostname is not an ip address the conversion failed.This has been solved by using host address instead of hostname to calculate octets.

Patch Release 4853 (2018-08-08)

Shipped Components and Versions

Fixed Bugs

59206 Custom logo doesn’t display if logoAction is set

Custom logo was intentionally hidden on smartphones.Show logo on smartphone again to solve this issue.

Patch Release 4835 (2018-07-25)

Shipped Components and Versions

Fixed Bugs

59291 Certain mail bodys are not displayed

When accessing mail created by the “PHPMailer” library and storing them at a specific IMAP server, mail bodies were not displayed in OX App Suite. This was caused by a inability of the IMAP server to provide the mail body based on a TEXT section reference. A workaround has been applied to retry fetching mail sections in case no specific section identifier was provided as response.

59183 Unexpected mail push notifications

In certain cluster environments a rise of mail push notifications has been observed. We extended logging capability to further track this down and added improvements when refreshing cluster locks as well as immediately shutting down IMAP-IDLE listeners once they time out.

58938 Incorrect storage capability evaluation

When moving a file or folder from one storage type to another, for example OX Drive to an external storage provider, capabilities of the source instead of the target storage were evaluated. This led to unexpected errors in case storage-specfic capabilities like case sensitivity were affected. We solved this by evaluating the target storage capabilities when moving data between storages.

58857 Special-use flags overridden

When detecting “special-use” IMAP folders like “Junk” or “Sent”, we check the appropriate IMAP flag on first use of a mailbox and store that to our database. As we were storing the short name of a folder instead of its full path, this could lead to conflicts and unexpected “special-use” folder assignments when having folders sharing the same name on different folder hierarchy levels. We now store a reference containing the full path to avoid this.

58849 Recursive folders stay subscribed upon removal

When removing a folder with several levels of sub-folders, deleting them from “Trash” at OX AppSuite would not properly un-subscribe folders below the topmost folder. This led to error messages and unexpected folder lists at external IMAP clients. We now un-subscribe recursively in case a folder gets removed from “Trash”.

Release 7.10.0 (2018-07-04)

Shipped Components and Versions

Fixed Vulnerabilities

58880 CVE-2018-12611

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

58874 CVE-2018-12609

CVSS: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), Credits to Secator

58742 CVE-2018-13104

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

58282 CVE-2018-12611

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

58256 CVE-2018-12611

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A), Credits to Secator

58226 CVE-2018-12611

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

58161 CVE-2018-12611

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

58096 CVE-2018-9997

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

58055 CVE-2018-13105

CVSS: 7.7(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), Credits to Michael Reizelman (mishre)

58051 CVE-2018-12610

CVSS: 3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

58029 CVE-2018-9998

CVSS: 3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

58023 CVE-2018-9998

CVSS: 3.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/CR:L), Credits to Ranjit_p

57956 CVE-2018-9997

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

57692 CVE-2018-9997

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to rceman

57095 CVE-2018-9997

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

57016 CVE-2018-9997

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56747 No CVE

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

56744 No CVE

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

56740 CVE-2018-5754

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

56718 CVE-2018-5755

CVSS: 7.7(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), Credits to Zhang Tianqi (pnig0s)

56717 No CVE

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

56706 CVE-2018-5752

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L), Credits to stemcloud

56619 CVE-2018-5752

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L), Credits to stemcloud

56582 CVE-2018-5754

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

56580 CVE-2018-5754

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Behroz Alam (tbehroz)

56558 CVE-2018-13103

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), Credits to stemcloud

56477 CVE-2018-5751

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), Credits to Ranjit_p

56457 CVE-2018-13103

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), Credits to stemcloud

56407 CVE-2018-5753

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

56406 CVE-2018-13104

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

56359 CVE-2018-5756

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), Credits to Michael Reizelman (mishre)

56352 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

56334 CVE-2018-5752

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L), Credits to stemcloud

56333 CVE-2018-5756

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), Credits to Michael Reizelman (mishre)

56157 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

56091 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

56063 CVE-2017-17061

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N), Credits to Secator

56056 CVE-2017-17062

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N), Credits to Secator

56055 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55882 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55830 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55703 CVE-2017-15029

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

55651 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to tungpun

55603 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55602 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55601 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55600 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55167 CVE-2017-17060

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

55090 CVE-2017-13667

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L), Credits to Secator

55068 CVE-2017-13668

CVSS: 3.7 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

54937 CVE-2018-13104

CVSS: 2.6 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)

54915 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

54838 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

54592 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

54579 CVE-2017-12884

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

54403 CVE-2017-9809

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

54402 CVE-2017-9808

CVSS: 3.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N), Credits to Secator

54321 CVE-2017-9808

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

54320 CVE-2017-9808

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), Credits to Secator

Fixed Bugs

59158 UI always uses en_US when logging in with session-tokens

The always did not wait for a inner deferred to finish which caused the login:success event to be triggered to early just before the user language was set correctly. The UI then falls back to en_US in each case, but only for initial login.This has been solved by adjusting token login handler and replacing .always with .then in token login handler success function.

59098 Unable to add Twitter account

Twitter updated their oAuth usage policies, which now demand to white-list the full path of all possible callback endpoints. Up to now our callback “defer” URL was using a “jsessionid” parameter for cluster routing as URL path segment, which did interfere with this policy. We now transmit this parameter as URL parameter to allow white-listing of the full endpoint.

58952 Incompatible mail filter rules

Legacy mail filter rules (SIEVE) were incompatible with the current implementation at OX App Suite and could not be processed when editing. We added compatibility for those rules which makes sure they will get updated next time a user saves them. For as long as the SIEVE backend is able to work with the old format we don’t expect any issues and do not automatically migrate mail filter scripts.

58910 Session handover sometimes fails

In some cases the timing for session handover to App Suite frontend (e.g. when using SAML) was off due to unexpected non-critical errors or latencies. In this case the login process for a user could stall. We made the frontend implementation more robust to handle such cases and allow the login process to pass.

58900 Usercopy fails with rsync error

An erroneous paths were provided to the ‘rsync’ utility, while only the absolute path is required for such an operation.This has been solved by using the correct path for the copy operation via ‘rsync’, the protocol type as the ‘file’ is always implied.

58895 Confusing fall-backs used for distribution lists

If a contact linked to a distribution list had invalid E-Mail address data, a fall-back address was looked up at the contact object and if that failed no address was used to avoid blocking mail delivery to other list members. This could lead to situations where some distribution list members were silently ignored. We did add a notification about invalid E-Mail addresses when sending mail to distribution lists.

58891 Mail address is not parsed correctly if domain contains a dot and a dash

Was not mapped by regex.This has been solved by adding both cases to this regex.

58814 Importing third party iCal files fails

Some calendar providers produce technically invalid iCal files which use local time for start and end date but specific time zones for recurrence rules. To allow interoperability we chose to ignore such cases and import the data anyway.

58767 Calendar workweek view not considered in recurring appointments

Used static preconfigured workweek for recurring appointments.This has been fixed by using configured workweek instead of default work week.

58733 Deleting user causes high load

Concurrent loading of stale data into cache while deletion is not yet committed caused this problem.This has been fixed by introducing a cache eviction listener and its respective registry. Implemented listeners to evict folder cache entries after the database transaction is committed.

58632 IE11: contact list view jump to different position when selecting a contact

Missing tabindex messed up focus handling.This has been fixed by adding tabindex -1 to labels for IE11.

58628 Attachment overlap for Print function

There was no styling for the print rendering.This has been solved by adding a print rendering view.

58599 Forwarding specific mail fails

Mails with 7bit encoding were forwarded as-is even though the encapsulating mail did not update the Content-Transfer-Encoding header for this attachment. As a result some mail clients were unable to decode the forwarded mail. We now make sure to properly decode such content and set proper headers before forwarding it.

58549 Links to shares lead to broken workflows

When using a link within a share notification mail sent by the same OX environment, users could end up with a login screen in case the environment did not support “auto login” or the user opted to disable cookies. We do now detect such links and open the specified resource within the current session rather than opening a new browser window.

58520 Updated Japanese translation for mail filter actions

Some mail filter actions like “file into” or “copy into” were incorrectly translated to Japanese. This got solved by updating the translation.

58509 Null reference when moving users to filestores

In certain cases a target file store could not be loaded correctly while running a moveuserfilestore command, this was solved by validating the target file store.

58507 Unresponsive context menu on mobile browsers

When interacting with a mail on a mobile browser (Chrome in this case) on a smartphone, the context menu to edit a selected mail could get unresponsive. This got solved to make sure we use the right selection after leaving a mails detail view.

58478 Twitter allows 280 characters

We updated our Twitter widget to allow a total of 280 characters as Twitter made this their default as well.

58460 Empty “recent conversations” on mobile

In some cases a contacts “recent conversation” information was not populated when using mobile browsers. This has been solved by using more robust scrolling.

58433 “Collected addresses” shows option to add a contact again

In case a contact is stored to the “collected addresses” folder, it will offer a option to “add to address book” even though its already part of a address book. To improve performance we did remove sophisticated look-ups since that folder usually contains a vast number of contacts. We did re-introduce this check in case a contacts “halo” view is opened to make sure the option is not shown there. This chance does not affect browsing of the folder, we still show the option there.

58419 Illegal charsets led to error when browsing mail folders

Specific broken mails contain broken encodings for senders, this led to user-facing error messages even though users can’t solve the issue. We improved the check for illegal charsets in such cases and catch the error.

58377 User interface glitch when escaping conflict dialogs

In case users rejected appointment conflict dialogs by using the escape key, the frontend did still show activity indicators for appointments as we’d expect the user to click one of the provided buttons. We now also recognize keyboard controls for this dialog.

58333 Incorrect hyper-link encoding for certain links

In case hyper-links in mail contain percentage signs for URI parameters, those could lead to a incorrect locations since we were encoding them twice. This has been solved to just encode quotes in links.

58326 Missing error handling when marking mail as spam

In case the action to mark a mail as spam was failing, no error message has been provided to the user. We now check the response for this action and provide a user-facing message.

58297 Misleading time-zone information for mail filters

In case time and date based mail filters are used, our representation of timezones and daylight-saving settings was not optimal. We now provide a specific time-zone hint that includes daylight-saving settings.

58286 Appointments with Emoji get removed when using EAS

While some devices allow full four-byte unicode characters for appointments, some OX App Suite database backends do not. In such cases our error handling led to situations where devices removed an appointment. We do now properly truncate unsupported characters up to 50 times before responding with an error. This still leads to data loss for unsupported characters but the appointment should be maintained, depending on the clients handling.

58207 Mail file size reported as zero when switching conversation sort

When sorting mails by size and toggling conversation view on and off, a incorrect file size has been displayed. This has been solved by resetting old collections on toggle.

58204 Missing translation, unclear description of restore points

When restoring mail content within a browser session, the term “restore point” was used which appears to be alien to users. We modified the term and added translation as well as customizations capabilities.

58201 Address book property “town” has been changed to “city”

Based on suggestions we renamed the property “town” to “city” on the web frontend.

58193 Capabilities not applied on the fly

In some cases user account capabilities were not applied instantly and could even require to re-start the middleware process. We improved cache invalidation for cases where dynamic context attributes where changed.

58187 Missing branding for mobile tour

When using OX App Suite on a smartphone browser, parts of the tour were not correctly branded. We made sure that the productName properties are being used correctly for mobile assets as well.

58186 Document converter breaks with Apache load-balancing

Due to active load balancing between Middleware and Documentconverter server nodes, the PDF results for creating each ManagedFile were taken from different Documentconverter server nodes. In some document cases, this might give slightly different results due to contained date or other fields, evaluated and written at conversion time on each Documentconverter node.This has been solved by ensuring that range requests for one document always create the same hash id even in case the file version is missing and adding appropriate synchronization code on a file id basis results in generating just one ManagedFile on Middleware side within the Ajax request handler. The PDF result file is created from one DC server node only for the sequence of range requests for one document, even in case the file version is missing.

58170 Storing empty aliases could lead to SQL exception

When storing a specific combination of empty alias information, a SQL error could be triggered as the related database fields don’t support empty data. This has been solved by stricter checks on data before committing.

58158 Login screen visible despite redirect during SAML login

SAML implementation always resumed login process.Halt login process in case of SAML, especially in the case of any redirects. This prevents the core login plugins from running while the browser is waiting to be redirected.

58134 Excessive querying of server configuration

We did implement a request interceptor which checks whether “auto login” is enabled or not on a per-request basis. Depending on the amount of global configuration settings, this could lead to high system load and even outages if the Java GC got stressed too much. We improved this check to be more lean and detect the setting much faster.

58119 Time picker is briefly shown in vacation notice

TimeInput toggled after draw.This has been fixed by calling toogleTimeInput as soon as possible.

58089 MSG-1031 Categories=ERROR Message=‘Error processing mail server response’

Small improvements to ease debugging with not working Kerberos authentication as administrators are not able to identify the users with problems.

58079 Missing validation response for invalid nested mail filter rules

In case a nested mail filter rule (e.g. anyof) did contain empty content, incorrect error handling was used. This got solved.

58052 Attachment names with specific unicode chars are garbled

In case a mail attachment used “circled numbers” unicode chars, those were replaced by placeholders when downloading the attachment. We’ve extended our unicode character support for such chars, often found in Asian correspondence.

58019 Unable to forward multiple mails

When using a certain MAL implementation, workarounds were to be used with can lead to an error when trying to forward multiple mails. We’re now avoiding the workaround in case multiple mails are being selected.

57997 Failing touch-appsuite when not providing timestamp value

When calling touch-appsuite with the –timestamp parameter but not actually providing a parameter value, the command failed as content validation was not used. We now validate the users input when executing that script.

57913 Download Drive folders as a zip limited to 1 GB not documented to configure

This has been solved by adding missing property documentation.

57909 Unable to forward a specific mail

In case parsing attachments of a specific mail failed before, it could not be forwarded. We now reset our parser before re-parsing a converted mail that failed before.

57870 Faulty mail address validating

When entering a mail address without @ character, the frontend would reject this address even though its valid. We updated the frontend-level validator to consider such addresses.

57841 Appointment colors are not printed

Appointments without a custom color were not colored according to their calendar folders color, if it has been set. This has been solved by adding the color label of the parent folder to all appointments that don’t specify their own color while printing.

57831 Logstash JSON output contains linebreaks

When using Logstash as log output, long stacktraces could be delivered as JSON file with linebreaks, which messes up the Logstash encoder. We identified the culprit at a JSON generator of a third-party library, which splits JSON after processing a certain amount of bytes. We replaced usage of this library by manual JSON object compilation.

57830 Garbled mail after responding with Outlook

Mail header truncation kicked in at 1000 characters, for example when dealing with a large amount of References. As a result some mail clients could not parse the mail and created garbled responses. We now apply more strict folding of header lines to avoid such malformed mails.

57825 Unified mail folders require reload to show up

When activating unified mail a reload was required to make those special folders show up. We improved state synchronization on the frontend level to make them show up right after initially enabling the feature.

57743 Time-based mail filters were stored incorrectly

Since some SIEVE implementations offer date and time handling, we did add a time picker to mail filter configuration. This did however lead to consistency issues with specific actions that can handle dates but no timestamps and vice versa. For the sake of usability we removed the time picker.

57636 Encrypted files in Drive with uppercase file type name

An encrypted file in Drive with uppercase file type name couldn’t be previewed.Now ignore case of file extension for encrypted files to solve this issue.

57627 Some signatures are not getting removed

When trying to remove certain HTML signatures from mail compose, a cleanup method to sanitize HTML was a bit too strict and embraced HTML5 standards. We’re now examining API responses for signatures in more detail with less strict cleanup.

57529 Deadlock when registering push listeners

In case permanent mail push listeners get registered at an excessive rate, for example when redirecting proxy traffic, deadlocks could occur. We reduced the need for locking to prevent this situation.

57495 Removeshares URL not working

The parser was not able to properly parse the share URLs.This has been fixed by properly parsing share URLs.

57458 Missing logging for SMTP AUTH attempts

We added a WARN level log event for situations where mail transport with the primary account failed due to authentication issues. This does not apply to external accounts to avoid log flooding.

57337 Replying email with more than 4 recipients returns HTTP414 error

Missing cleanup of request data before sending it to the middleware led to this issue.Now cleaning up request data before actually calling the API.

57288 Support for partial account auto-discovery

In case SMTP access was added to an existing mail account later, its data was not fully inserted into database. We now cover the scenario where users want to configure mailbox access independently from mail transport.

57276 Error while saving Guard message to Draft

Invoking cleanup() on a ContentAwareComposedMailMessage instance throws an UnsupportedOperationException.This has been solved by avoiding invoking clean-up for ContentAwareComposedMailMessage instance.

57265 Pasting with CMB click not recognized

Some Linux desktop environments use the center mouse button (often a wheel) to paste data. This event was not properly detected by the mail filter interface and has been improved.

57263 Out of Memory Errors when IMAP endpoint is inaccessible

Threads are kept too long in subsequent connect attempts against a IMAP host in case of a fail-over scenario.

57205 Long login times reported

In specific cases a users login action could take multiple hours, due to an exclusive lock for caching. We now avoid this kind of locking to provide better responsiveness in scenarios with high concurrency.

57203 Category can not be removed from appointment

Categories were not parsed if the corresponding property was absent in incoming iCal files.This has been fixed by always parsing and applying categories from iCal.

57168 Mail shows only blank body

Depth was not incremented, when style tag in HTML-body was added.Increment depth when adding CSS on style tag to solve this issue.

57142 Sync stops when editing file in Google Drive

When syncing a Google Drive account through OX Drive, editing files in Google Drive would potentially break the sync as identifiers of this storage service change on modifications. We’re now considering this case, even though don’t advise to use external storages for OX Drive sync clients.

57133 Issues with image in signature using IE 11 browser does not show image

Wrong/Fall-back MIME type advertised for a signature’s embedded image.This has been solved by using metadata-extractor library to detect image’s MIME type if absent and return that for response’s Content-Type header.

57067 Emoticon pop-up is not anchored properly in Compose window

Strict javascript engines (Edge) failed when assigning values to read-only variables in strict mode.This has been fixed by using the setter function with a new object instead of assigning directly to the object of the getter.

57066 Graphical Elements in Email Appear Squashed When Printed

Combination of width:auto and max-widht:100% causes elements to enlarger when set to 100% width.This has been solved by removing styles.

57060 Webmail folder issue with Archive Folder

After an ‘update’-request only a subset of the account data is used locally.Now simply process the data returned by the ‘update’-request like it is made for ‘all’-requests.

57023 “Show done tasks” resets after logout and login

Missing handling to store grid options.This has been fixed by adding handling for all options (sort, order, done).

56999 Incorrect handling of sieve_max_redirects

The MAXREDIRECTS limit that the Sieve server provided was used on the middleware to check the total redirect commands in the entire user’s script.The middleware now checks the total redirect commands in a single rule to solve this issue.

56990 Attached EML files show up as mail content

When syncing mail which contain EML files as attachment, those were not correctly decoded and displayed in a garbled way within Outlook instead of a proper attachment. We changed parsing behavior to decode UUEncoded content in case a structured JSON representation of a MIME message is requested.

56956 Ham mail sent out when moving mail from Spam folder to Trash folder

‘handle-ham’ is called when moving messages from Spam folder to Trash folder.Do not invoke ‘handle-ham’ when moving messages from Spam folder to Trash folder to solve this issue.

56948 External connected Drive - View and Filter not working correct

View and Filter were not working for external file storages.This has been fixed by removing the filter for external file storages because external file storages cannot and do not provide the full “infostore” feature set.

56935 Better handling of auth failures in OX Request

Possible IMAP response during failed authentication are not considered.Handle possible IMAP response code during failed authentication attempt to better reflect to the user what went wrong. Introduced retry mechanism in case special “UNAVAILABLE” response code is advertised by IMAP server. Enhanced logging in case an external account gets disabled.Changed logging for failed authentication for following IMAP response codes:AUTHENTICATIONFAILED: MSG-1000 “There was an issue in authenticating your E-Mail password…”AUTHORIZATIONFAILED: MSG-1036 “Mail server host denies access for login login.”UNAVAILABLE: MSG-1038 “A temporary failure occurred on mail server host during login for login. Please try again later.” (But only after 5 failed attempts!)EXPIRED: MSG-1039 “Access to mail server host is no longer permitted for login login using his password.” PRIVACYREQUIRED: MSG-1040 “Access to mail server host is not permitted for login login due to a lack of privacy.”

56924 Forward Email in some mails attachment get lost

Wrong mail part id for the text part.This has been solved by adjusting part in case “nature” is set to “virtual”.

56912 OX6: added \n after logout to signature

New/Missing line breaks after sanitizing.Don’t use the new print for signatures for OX6 to avoid unnecessary line breaks.

56875 EML Import via Drag&Drop not working with Unified Mailbox

EML import were available for unified inbox but not working.Now importing for unified mail folder is disabled.

56869 Apache Proxy Timeouts while moving many files (Error 502 after 18 mins)

Action was not prepared for job queue.This has been solved by introducing job queue for files?action=move.

56854 Excessive logging if replicationMonitor contents are missing

In case database replication got slow, we’ve been logging WARN entries for each failed access to replicationMonitor data. We’ve changed this to add a exponential back-off strategy and only log the final attempt since this hints serious database trouble.

56849 Future copyright notes

By default we were shipping a configuration that provides copyright information spanning till 2020. This has been corrected in a way that we include the current year but no future dates.

56830 Missing handling for openByDefault option

The io.ox/mail//attachments/layout/detail/open option was no longer considered by frontend code and has been re-implemented.

56774 Copying users with individual filestores causes errors

When using the usercopy functionality for users which have individual filestores, unexpected errors were thrown. We resolved the situation in a way that errors during user copying are caught and handled correctly. We still deny copying users with individual filestores.

56720 Incorrect Japanese translation for mobile search

When using search on mobile browsers, the folder selector did show an incorrect translation. This has been corrected with proper translation.

56704 “Attach vCard” state is not stored on auto-save

When mail gets auto-saved as draft, a potentially attached vCard file that was added using the option in mail compose was not saved. This has been fixed.

56699 Move folder with files with descriptions to external drive doesn’t work

No error handling for folders. After the ‘ignore’ button was pressed, a ‘undefined’ file was tried to move. That caused a typeError in the frontend and also the above provided server error due to a invalid request.This has been solved by implementing error handling also for folder and files inside folders.

56698 Inconsistent error handling if moving folders to external storages fails

The “Move” operation triggered at the folder-tree context-menu was implemented differently from the “Move” operation provided by the top bar and did not consider external storages. This got unified in a way that both act identically and provide the same level of error handling.

56696 Missing notifications when copying files to external storages

In case files get copied or moved to external storages, ignored conflicts did not raise a success or failure response. This has been solved by unifying the handling of copy and move operations to external storages.

56693 Full-width characters in personal part were dropped

Certain Asian language characters are not shown as part of a mail senders personal part. This has been solved by allowing such 2-bytes characters instead of replacing them by whitespace.

56638 Cloud storage - error messages after moving of a larger folder / larger number of files between different storages

Heart-beat kicks-in too late.This has been solved by letting heart-beat kick-in early enough.

56602 Button “View participants” visible, but remote_presenter = false

This has been solved by disabling the “View participants” button as long as no remote presentation is on progress.

56589 Shared private calendar - decline appointment as a secretary (not an invitee) - deletes the appointment for everyone

A missing “participants” array in the updated appointment data was misinterpreted so that participants got removed.Take over original participant data in case they’re not explicitly set by the client.

56563 Spam folder no longer visible

In case “Spam”, “Confirmed spam”, and “Confirmed ham” folders are all pointing at the same folder they could overwrite themselves which leads to the situation where “Spam” loses its special folder status. This has been solved by making special folder listings more robust against this edge case.

56539 OX shows unsupported sieve action

With the introduction of the simplified mail filter test and actions in the HTTP API v2, there was no check done in the config calls to determine whether a simplified command is using any unannounced/not supported sieve capabilities, which lead into returning those simplified commands, thus the UI assumed that the particular simplified action command was available.Ensure that the required capabilities of the simplified action commands are also checked for possible required sieve capabilities to only show supported sieve rules.

56538 Restorecontext not working with open-xchange-admin-autocontextid installed

Checking if a context to restore might be the last one held in associated DB schema does not deal with the possibility that the context does no more exist. In that case that test should simply pass.This has been solved by checking context existence prior to checking if it might be the last one held in associated DB schema on context restoration.

56536 Send contact as vcard keeps loading with circle logo

Loading the Source of vcard failed.This has been fixed by adjusting the request.

56499 Incorrect attachment names in Japanese

Lenticular brackets were removed from the list of valid characters, which broke certain attachment names as those characters appear to be common in Japanese. We’re now maintaining those characters when providing attachment information.

56496 Replying to HTML mail is using plain-text

On specific custom mail abstraction implementations, replying to HTML E-Mails lead to creation of plain-text E-Mails. This is related to the custom implementation and does not affect other operators. We added a workaround which needs to be validated at the target environment.

56486 Incorrect attachment names in Japanese

RFC2231 encoded parameters where incorrectly decoded when handling attachments. This broke certain attachment names as such encodings appear to be common in Japanese. We’ve corrected decoding and now provide correct attachment information.

56478 Mail disappears when mail deletion canceled on smart phones

Missing cancel handling on mobile phones.Now handling canceling on mobile phones.

56475 Logback without newlines after upgrade

The newline character was removed from the LogstashEncoder and moved to the LogstashSocketAppender.This has been fixed by removing the newline character from the LogstashSocketAppender. Re-introduced the newline character to the LogstashEncoder.

56455 Guided tour for Drive cannot be closed

Race condition when uploading sample file into drive.Make sure sample file is uploaded before starting the tour to solve this issue.

56448 Adding “Inbox” widget multiple times is possible

In case a user has the capability to add multiple mail accounts but did not do so, it was possible to add the “Inbox” widget to the portal multiple times. The underlying check has been improved to cover this case and not allow multiple widgets for a single account.

56446 Mail alias creation randomly give internal server error

Cached content was used to decide which alias to add and which to remove, but that cached content might not be up-to-date.This has been solved by setting a user’s aliases at once.

56435 Task status not correctly exported

The RFC for the corresponding vtodo element, only specifies four status. The ox status for waiting is not covered by the specification and was mapped to the status canceled after import.To guarantee the correct status import of vtodo-elements, the status parameter is extended with a new parameter, called X-OX-STATUS and the value WAITING, which is parsed when importing to represent the “Waiting”-status of the task.

56419 Connection issues due to excessive locking

Locking exclusive database access for provisioning commands led to connectivity issues for users. This could especially be triggered by running expensive provisioning calls like listdatabase on a regular basis for monitoring. This should be avoided in general.

56415 Push related debug messages at log files

Registration and de-registration messages of push clients have been logged at INFO level before, which could create large amounts of log data. As this information is supposed to be used for debugging purposes, we’re now logging it at log-level DEBUG. This solution has to be validated in a production environment.

56414 “Not Spam” button is missing after update

Many code lines just work with “spam”, not with “confirmed_spam”.Always checking for “confirmed_spam” as well to solve this issue.

56400 Links missing in certain HTML mails

Specific HTML mails where handled incorrectly due to a recent sanitizing change for HTML style expressions. In case where such styles got applied to hyper-links the link would potentially not work. We adjusted HTML parsing to avoid this.

56342 Show and hide name while mail compose

After hiding and showing your name, it is was still hidden.This has been fixed by storing current account “displayname” right from the start and keep in updated every time a instance of mail compose is created.

56330 Move operations on filestore not reflected in sync

In case files get moved between folders the corresponding events were not triggered which in consequence did not trigger sync activity for OX Drive clients. We solved this by executing the expected events in case a object gets moved.

56291 Printing or saving document missing lines

Vertically merged tables are only shown in OX Text but are not visible in Word (except the top cell).Hiding vertically merged cells so that the user cannot modify its content and gets the impression of data loss after opening the document in Word to solve this issue.

56285 Attached EMLs not visible at Android

When using a certain Android EAS implementation, nested messages (e.g. .eml files attached to a mail) were not correctly provided to the user. This has been solved by treating content of such attachments and provide them in a compatible way.

56193 Context menu is NOT closed by right-click

Right click outside the context menu doesn´t close it.This has been fixed by removing selector from black list and listen for context menu event to close.

56149 Userreporting ERROR “Cannot find user with identifier id in context ctx“

When storing the report before sending it, a useless comma was added.This has been solved by constructing correct JSON when loading details from local storage.

56140 Cloud-Storage connection problem

Wrong check if whether used connection pool is currently unused/empty caused premature stopping of idle-connection-closer.Proper check whether used connection pool is currently unused/empty to solve this issue.

56136 “Favorite” folders are not removed when deleting associated account

In case a external storage got added to Drive and a folder got specified as “favorite”, this favorite folder was still shown after the external storage account got removed. This has been fixed by cleaning up favorites on account modification.

56107 OX - Slowness in loading the mail folder list

List request breaks on altnamespace with many folders.This has been fixed by removing ‘default0’ list request out of ‘virtual/standard’.

56089 Not possible to delete account via API

Wrong owner identifier passed to quota-aware file storage instance.This has been fixed by compiling proper owner info when resolving a file storage.

56075 Birthdays get removed when born before 1604

In case a user is born before 1604 its birthday would get removed while syncing with EAS on Apple devices. This is due to a iOS limitation related to the introduction of the Gregorian calendar. We now use the Apple specific X-APPLE-OMIT-YEAR parameter for birthdays without a year if its pre-1604.

56073 Logging the IMAP endpoint IP

Remote IP address of connected end-point was not available.Now also output remote IP address of connected end-point to solve this.

56071 Mail content not displayed

Garbled mail messes up IMAP server’s BODYSTRUCTURE information.This has been solved by re-parsing mail manually in case IMAP server’s BODYSTRUCTURE information is messed up.

56069 Filter condition size checking inconsistent

The validation for the “size” condition was incorrect if a action for mailfilter were added.The validation for the “size” condition has been corrected to be consistent.

56065 Sort order for recipients lost up when doing reply all

Ordering of recipients within a mail could be purposeful to adhere social standards. When replying to all recipients of a mail, we now preserve the order of To/CC/BCC of the original mail.

56042 Got exception during upload

Middleware’s Sproxyd connector refused to store an empty file to Sproxyd end-point and Hard fail when trying to delete a non-existing file.This has been solved by allowing to store an empty file to Sproxydend-point and Do not fail when trying to delete a non-existing file from Sproxydend-point.

56038 Name of attachment with Japanese characters not correctly displayed

“ISO-8859-1” charset is assumed for every string value in MAPI properties of a TNEF-encoded attachment.This has been solved by detecting proper charset (e.g. by code page attribute) and use that to get the string value.

56034 OAuth not working if ending on other nodes

JVM route information was not added to redirecting call-back URL.Now ensure JVM route is added to redirecting call-back URL.

56023 External Storage error while saving presentations created from a template

Generating setDocumentAttribute operation twice. In renameHandler and during reloading the document.Marking document as unmodified before reloading it to solve this issue.

56022 Incomplete documentation for exportuserfeedback

We did publish some inconclusive documentation for the exportuserfeedback CLT in terms of API paths, this has been corrected for the tools help.

56021 Feedback: comments and suggestions area without checks filters and escaping

Some characters haven’t been sanitized.More sanitizing for feedback exports solve this.

56010 Emoji selector not visible for small viewports

In case a browser windows viewport was below our specified minimum requirements the “Emoji” selector was hidden in case it was enabled. This has been solved re-calculating the toolsbar content to avoid bottom overflow.

56001 mail folder not loading: String index out of range

Possible ‘java.lang.StringIndexOutOfBoundsException’ while parsing an address list. Fixed by orderly reset cached string length after string was modified.

55974 Appointments in public calendars are getting displayed in the same color

Changed default status from accepted to unconfirmed due to some issues with ITIP attachments.This has been fixed by using status accepted as default for public appointments.

55972 Mail not displayed correctly in App Suite UI

Garbled HTML content with conditional revealed comments confuses Jericho HTML parser.Get rid off HTML comments prior to processing to display such mails.

55964 High load on ConfigDB

Excessive ``SELECT cid FROM context_server2db_pool WHERE server_id=xxx AND write_db_pool_id=xxx AND db_schema=xxx´´ queries.This has been solved by optimizing collecting data for drive metric calculation and improved some locations which invoked ‘getContextsInSameSchema()’.

55958 Inconclusive error message when replying to mail

In specific cases a error message could be raised when replying to mail, stating that adding more mail accounts is disabled. This originates from a check which happens when using “unified mail” and we have corrected it to avoid false positives.

55948 Mailadresses not in “Collected addresses” when reading a new Mail

“collect_addresses” field extracted out of wrong JSON object.This has been solved by extracting “collect_addresses” field out of proper JSON object.

55928 User email is visible in URL

It was possible to see the Guest user’s E-Mail address in an URL parameter.This has been fixed with replacing E-Mail address with ‘user-id@context-id’ tuple and adjusted resolve logic accordingly.

55894 Making rampup calls configurable for debugging

In certain environments the API rampup delivery inconsistent response times. We added debug logging if preconditions for this API exceed a specific threshold and added functionality to allow disabling those preconditions. Note that this serves solely to support debugging of actual issues and should not be used by default. See SCR-63 for more information.

55881 Inbox not loading

The yielded ‘javax.mail.internet.AddressException’ in case of a parsing error may return ‘null’ when invoking its ‘getRef()’ method.This has been fixed by orderly passing parsed address string to fall-back address instance in case of parsing error.

55872 Removed “Open in browser” for IE

Microsoft Office attempts to render documents within the browser instead of downloading them, however not considering cookies required to fetch the requested information. As a result user experience suffers when trying to view or edit MS Office documents stored within OX App Suite. For this and other reasons we decided to remove the “Open in browser” option when using IE-based browsers. We suggest to use OX Documents for in-browser editing work-flows.

55865 Source Maps Support in AppSuite Development

Modification of source code from middleware before evaluation.This has been solved by stop modifying source code on the client side.

55862 Error adding OneDrive account

The endpoint to check a Microsoft OneDrive authentication token returned a string without URL encoding which was considered as invalid response. We now perform URL encoding when working with the response.

55835 Folder rename in external accounts very slow

Inefficient check for duplicate/equally named folders and inefficient folder retrieval as well.This has been fixed by improving performance when updating a folder and fetching folder list afterwards.

55831 Upon external drive account deletion, UI still triggers requests that lead to errors

This has been fixed by adding a missing folder refresh.

55788 Save in drive for webmail user not usable

General problem that might occur if an action gets chained.Once an undefined list element was present the check always returned true now(“draw it”).

55785 Improving error message if file upload fails

In case a file upload fails due to intermediate network components, we now return a more usable error message to users.

55776 Spamexperts not working with https

Basic-auth information only provided in “Authorization” header for HTTP protocol, but not for HTTPS.This has been solved by always providing basic-auth information in “Authorization” header regardless of used protocol and refactored to use newer HttpClient library.

55774 UI used on a mobile device ignores signatures while forwarding an email

Single signature were not fully implemented for mobile.This has been solved by adjusting the getDefaultSignature method.

55748 Wrong sieve rule written when using “start/end with”

The ‘starts with’ and ‘ends with’ simplified rules got mixed up.Properly parse starts- and ends with match types to solve this issue.

55692 Mobile UI changes layout in jslob

Jslob saves also stores fixed settings that are applied for smartphones only.This has been fixed by not saving ‘layout’, ‘showContactPictures’ and ‘showCheckboxes’ for mobile devices.

55690 Runtime exception when deleting calendar

When removing a calendar that contained special appointments, a runtime exception could occur based on assumptions made at the code. This is being solved by actually processing every object within a calendar and applying sanity checks.

55679 Create a new signature with image alone - Save button at the bottom should be disabled till the image is saved

Missing handling for pending images.This has been fixed by introducing cascade.

55676 Empty lines in email get reduced to 1 when sending in “Plain Text” mode

Text mails got a ‘cleanup’ when displayed in AppSuite.This has been solved by tweaking replacement of redundant line breaks to preserve two empty lines.

55631 Unable to add external account due to fixed overlay

Fixed typo in login call parameters to solve this issue.

55626 Email format is NOT preserved when being saved to draft folder

Edit was called without considering mail attributes.Action is now invoked to prevent this issue.

55606 SIEVE imap4flags extension is a requirement for custom sieve filter rules

Support for ‘imapflags’ was removed for the new v2 api in 7.8.4.This has been fixed by re-adding the support for the ‘imapflags’ capability.

55587 Missing error handling for large inline messages

In case a user tries to send a mail which size violated upload restrictions due to inline content (e.g. images), no useful error message was returned. We now inform the user about the issue and log the event.

55574 Wrong sort order when using flag as sort option

Wrong sort order returned for “flagged” sort field (660).This has been solved by returning proper sort order for “flagged” sort field (660).

55561 Per-storage lookup for case handling

Some external storage use case sensitive file and folder names while other rely on insensitive objects. We now allow storage-wise control whether folder names are treated case insensitive or not.

55551 “Expires” drop-down in share link dialog not displayed in IE11

MS Internet Explorer 11 has problems with auto height when bottom CSS attribute is set to 100%.This has been solved by setting bottom to auto if the browser is IE 11.

55532 Redirection not working on chrome but works on Mozilla

Links accidentally considered as harmful.Managed a dedicated list of identifiers for possible global event handlers to get all those links working again.

55511 Mail full-size view not opened in IE

When using list view and clicking a mail, in some cases IE and Edge did not provide the expected full-size mail view dialog. This was due to a glitch where focus events get triggered twice by certain browsers and has been solved by not automatically selecting elements when focusing.

55487 Contacts don’t add correctly when choosing distribution list

This was caused by a missing check for contacts without mail address.Now those contacts are filtered.

55458 Blur not removed on specific devices

Using some large-screen Android devices (and Emulators) running Chrome led to unexpected issues like blurred content not getting un-blurred after triggering an action. We adjusted the check for this behavior to only kick in on small-screen devices.

55455 Contacts export and have EOL

LF character was used as line terminator in exported CSV files. Outlook was not able to handle those files. This has been solved by using CRLF sequence as line terminator in exported CSV files.

55453 Open-xchange-cluster-upgrade package not seen for 7.8.3 to 7.8.4 upgrade

Added missing Hazelcast invalidation packages and accompanying bundles for v7.8.3 and v7.8.4 to solve this issue.

55433 Dutch Backend Translation Problem

Was resolved by adjusting Dutch Backed translation.

55425 Unclear behaviour on versioning when uploading files upper/lower case

File name check was case-sensitive.Now file names check ignoring case to have a standardized procedure.

55413 OX Calendar Print Preview Issue

This was solved by dropping support for browsers built-in printing and give users a hint to use AppSuites print instead.

55409 Contact sort orders are inconsistent at “select address” dialog

Contacts were just sorted by the first character. This has been fixed by adding recursion when letters are equal.

55406 Legit hyperlinks considered harmful

A policy to detect potentially harmful hyperlinks was a bit too strict and affected legit links, mostly in e-tail sales mails. We adjusted the sanitizer to further avoid false-positives.

55389 Inconsistent handling of accounts on smartphones

Adding external (storage) accounts is disabled on smartphones, however the “Accounts” page offered a way to add such accounts. We changed this in order for “Accounts” to be of informational purpose on mobile devices.

55387 Subscribing to external address book sync just one contact

GMX address-book subscriptions were failing to import more than one contact. We re-designed data access to use standard vCard instead of a discontinued API.

55363 Default text style are not retained in compose page after pressing backspace

Styles were applied manually and get cleared after deleting the last letter in mail compose.This has been fixed by using TinyMCE option ‘forced_root_block_attrs’ and apply custom style and identifier class.

55362 Translation missing on upload timeout error

Missing string in i18n.Added missing string to i18n.

55360 Potential XSS-Bug while handling Mail From

Possible control and/or white-space characters returned to clients. This has been fixed by dropping control and/or white-space characters from E-Mail addresses.

55345 Dovecot allows to add more rules than configured for redirect in sieve_max_redirects

Middleware ignored MAXREDIRECTS.Now Middleware limits redirect commands and “redirect” actions are limited according to the MAXREDIRECTS setting.

55301 Certain rules created with “not” conditions are shown as the positive condition

Certain rules created with -not- conditions, including -not exists- could not be parsed correctly.This has been solved by adjusting the parsing and added backend support for this behavior.

55298 Maximum configured sized needs to be fixed for Japanese Error message

Fixed translation for “Maximum configured sized”.

55288 pdf.js progressive rendering floods OX logs with errors on Chrome

Superfluous error logging for common case when client/end-user abruptly aborts the HTTP connection.This has been fixed by adjusting logging for common case when client/end-user abruptly aborts the HTTP connection.

55285 Wrong sender account when replying to email addresses with upper-case letters

Check was case sensitive.This has been fixed by comparing case insensitive and fix the sync-async problem for the fallback.

55284 Possible to change threadSupport if protected

We had no consistently check if threadSupport was case ‘threadSupport’ is disabled also a potentially active folder viewoption ‘thread’ is ignored to solve this issue.

55273 Logout ends up in a white page

Was caused by a problem with deleted files of running OX Documents when logging out.This has been solved by rejecting promise in this error case in the quit handler.

55271 File name incorrect Japanese characters

Fullwidth digits were replaced in file names. This has been solved by allowing fullwidth digits in file names.

55265 High load on configdb DB ReadSlave

Excessive querying of all context identifiers, likely caused by unnecessarily “per node” initialization of default attachment storage cleaner. Solution: Efficient retrieval of distinct context identifiers per schema and re-factored default attachment storage cleaner to be managed as cluster task (runs only once, no more per node).

55254 Rename / delete folders in OX Drive not possible

Creation of trash and public folders on demand was removed. This has been solved by reenabling the creation of trash and public folder on demand.

55240 Sharing link can not selected on a mobile device

Copy button was disabled for Safari because of API limitations. This has been solved by enabling the button for Safari again, meanwhile Safari supports the required API.

55229 Japanese text is garbled in App Suite

Some Japanese characters are not display correctly (garbled) in emails. This has been fixed by using “x-windows-iso2022jp” charset in case Javas “iso-2022-jp” charset yields unmapped characters.

55200 Capabilities checks performed against “mailfilter” instead of “mailfilter v2”

Even though the mailfilter.v2 API is the one being used, capability checks were done against the legacy to mailfilter API. This has been solved by setting capability check to mailfilter v2.

55199 Custom mail filters break due to changes in com.openexchange.mail.filter.json.v2

Command registries are not properly registered as services. Properly register comand registries for new v2 API to solve this.

55175 Mail Module does not render thumbnails for .txt

This has been solved by adding txt to regex of supported file extensions for preview.

55171 Mail Modules does not render thumbnails for TIFF and PSD

Missing handling for .psd and .tiff in mail preview. This has been solved by adding PSD and TIFF support to preview list.

55166 Mail representation changes when forwarding

Plain-text mails get “beautified” in a way that lists are displayed like HTML lists, but now in mail compose. User feedback suggests that users prefer consistent handling rather than eye-candy in this case so we dropped post-processing of lists.

55162 Inline images at HTML mails disappear after a short time

Sometimes added Inline images disappeared while composing a new email. This got solved by not advertising the Content-Length header for retrieved images from mail storage as associated MIME part does not provide exact size to solve this issue.

55155 java.sql.SQLException: Insert did not produce any results

Looks like that data are missing in table USMSession when inserting data into table USMDataStorage.This is a partly workaround: In case of an USMStorageException remove cached session data from memory and do a logout. This induces a read from the DB at the next login, the sync-state is then in sync again between the (reading) DB and memory. Reverted the improved debugging, because it leads to heavy logging. Instead introduced an error logging of the current DB data of the tables USMDataStorage and USMSession for the affected context and user.

55148 URL without protocol identifier open relative

When rendering HTML hyperlinks we now consider URLs without a specific protocol (e.g. href= to be absolute and prepend “http://“.

55102 Cloud storage - moving of a larger folder / larger number of files between different storages stops after 1100s with error 502

Possible HTTP proxy timeout during long-running operations.Introduced the possibility to let a client submit a certain operation to a job queue, which can be frequently polled to check operation’s status.

55100 Errors regarding logback mbean after update to 7.8.3

In case the bundle has not been started an attempt to register its MBean failed. Await availability of Logstash Socket Appender instance prior to attempting to register its MBean to solve this issue.

55096 Dragging a folder into Drive in App Suite UI results in unspecific error

Wrong folders detection on MS Windows. Improved detection to solve this issue.

55085 Tasks: error message on removing editor

Removing oneself as a participant caused permission loss. Which was treated as an error.Don’t treat permission loss as an error anymore as this is expected in this case now.

55084 Onboarding shows EAS configuration without permissions

Missing implementation for mobile view. This has been solved by adding missing implementation.

55075 Attendant can change the participant status of creator in shared calendar

UI changed response so it looked like the currently logged in user confirmed the appointment. This has been fixed by using the actual user that confirmed instead of the currently logged in user.

55057 Folder structure order for the default folders are changed

This was caused by a wrong client side order of the folder. This has been fixed by changing client side order to: inbox, drafts, sent, spam, trash, archive.

55044 OXTender for Outlook destroys SMIME signature

Possible empty line after multipart preamble was not maintained.Force a blank line before start boundary when writing out multipart content to solve this issue.

55042 Inconsistency when selecting an empty folder in the Mail tab

The text “Empty” is shown initially when selecting a empty mail folder but not when the user did tap on other folders and then returns back. Second visit calls busy twice that breaks the “visibile-invisible-chain”. This has been fixed by using a robust implementation that utilizes busy and idle.

54984 Unread messages folder messes up unread count for other folders

Folder selection had virtual/all folder hard coded.This has been fixed by using configured values to determine virtual/all folder.

54957 No images can be loaded when showing a truncated message fully

Accept new ‘forceImages’ parameter for ‘mail?action=get&view=document’ action. Also show extended action label only when external images are filtered out.

54956 Post install script not uses com.openexchange.mail.filter.preferGSSAPI=true

When updating from 7.8.3 consider the case where users preferred GSSAPI as SASL mech and set the new c.o.mail.filter.preferredSaslMech accordingly to solve this issue.

54944 Subject line with UTF-8 characters are jumbled up

Mixed encoded values are not properly combined. Properly combine mixed encoded values to solve this issue.

54894 E-mail gets only displayed partly

Mail uses absolute positioning. Email exceeded internal limit (32KB) for specific post-processing. Raise size limit for that particular post-processing to 128KB for Chrome, 64KB for other browsers to display those emails.

54884 Error in method SQL query

The related request used wrong column numbers.This has been solved by adjusting those column numbers.

54879 Quotes in email local part not allowed

Possible quotes (“) in local part of an E-Mail address were handled as special characters. Now orderly handle quotes in local part of an E-Mail address to solve this issue.

54877 Tasks cannot be deleted

Duplicate entries were written to the del_task folder table. This has been fixed by only writing the most current ones.

54802 Duplicate entry for key PRIMARY Error on update

Inexact SQL expression to remove duplicate entries from user_attribute table. This has been fixed by deleting duplicate entries by their UUID association.

54797 CSV import wrong birthday

Added dynamic date format for user locale to solve this issue.

54793 Path at Drive breadcrumb navigation is not updated on rename

When renaming a folder, the associated folder representation at the upper breadcrumb

54792 Excessive querying of filestore2user

The filestore2user was queried with SELECT statements more than necessary, which led to performance issues on large deployments. We now make sure to fetch individual entries, which is often sufficient.

54790 Getting quota does not work anymore

When requesting quota information for non-existing file storage accounts a runtime exception was thrown instead of properly handling the case. This has now been corrected.

54774 Sending user feedback fails with empty SMTP auth values

When sending user feedback as CSV file via mail, empty SMTP authentication configuration settings would prevent sending the mail. We added a potential solution for this, however did not have necessary information to reproduce the original problem. Therefor this fix has to be validated by the requesting customer.

54772 Incomplete documentation on mail account configuration

Existing configuration samples and documentation for the Mail Account feature was incomplete, we updated, corrected and extended it.

54750 TO: with IDN scrambled after reply

The mail sent by Thunderbird does not contain the ASCII representation of the mail address. Instead it contains the unexpected IDN representation. This was fixed in javax.mail as it deals with unexpected mail content. Try to parse with the default java charset. If ASCII is provided (as expected) nothing will change.

54736 Incorrect documentation on User Feedback

Descriptions for the User Feedback feature and its provisioning tools was incorrect with regards to the –end-time switch, this got fixed.

54702 Rename folder pop-up not closing

The dialog to rename a folder in App Suite would not close under very special conditions. This has been researched and a potential workaround got applied. The effectiveness of this solutions needs to be validated for the environment in question.

54701 Unable to copy raw image content to mail compose with IE11

When copying raw image content from apps like MS Paint to mail compose, rather than just adding that image via drag&drop or the provided composer options, its content did not get pasted when using IE11. This has been corrected for this particular case, however note that copy&paste is implemented very inconsistently across browsers and operating systems, other cases will potentially not work as expected since the browser does not provide necessary information to web applications.

54681 Amount of auto-complete proposals is limited

We anticipated that 20 proposals for auto-complete were reasonable for most data sets and compatible to typical viewports. As there has been demand to lower this amount, we provided a set of frontend configuration options.

54675 Invalid mail filter rules stored

It was possible to bypass the model validation by triggering the change event via the save button. We added another validation cycle after the “save” event was triggered to prevent empty entries.

54673 Same timestamp shown for drafts in multiple composers

When composing multiple mails at the same time, the date/time information when the mail has been saved as draft was added to all open composer windows and did overwrite the actual date. This has been solved so that each composer window shows the correct saving date.

54593 No error message if import limit is reached

No warning given in case number of imported items were truncated. This has been fixed by adding warning if number of imported objects were truncated.

54580 Issues with parsing plain-text links in mail

Certain E-Mails did contain combinations of text that led to incorrect hyperlink detection. This got solved by parsing links at plain-text mails less greedy.

54563 Adding dot and special char creates unexpected sender

When setting a custom sender name, a combination of dots and special characters led to results that include a double-quote character. This was due to incorrect mail-safe encoding attempts.

54532 Confusing error message “Folder INBOX has been closed on mail server”

Confusing displayed error message. Solution: Rephrased error messages dealing about connectivity issues to mail server to have a more user-friendly information. Moreover added the “Please try again later.” suffix to hint to a possibly temporary nature of the issue.

54529 Drive mail drive attachment counting filesize against upload limit

Any mail attachment appended to the new message has been checked against upload quota limitation. Only consider uploaded file (mail attachments) when checking upload quota limitation to solve this issue.

54468 Status of a multi-file incorrect

If a file uplaod was running and a second file upload is started, the upload time were not calculated new. Fixed time estimation as increased collection size was not taken into account during calculation.

54454 Multiple contact selection works only on 2nd try

No previous selection when there actually was an item selected. This has been solved by using the correct selection.

54453 account help page missing

Did some help content re-structuring, so all account related settings are shown at one help page now.

54446 Citrix Desktop usage leads to touch-device handling

When using Citrix Desktop with Firefox, the frontend incorrectly detects a touch device and disables features like drag and drop. This has been correctly for compatibility purposes.

54437 Contact collector not working

Collecting contact information while reading mail was not working when combining specific mail handling (seen/unseen) in combination with contact collection. This has been solved.

54377 Generating missing MD5 sums on filestore Objects causes high read load

There might be situations where the metadata for stored infostore documents does not indicate the referenced files MD5 checksum. This may be the case for files that were stored more than 4 years ago, or for files that have been uploaded in chunks, e.g. during a migration. When synchronizing via OX Drive, the missing checksums for those files are calculated on demand, which requires the files to be retrieved from the underlying storage. When having many or very large files where the checksum needs to be calculated for, this may lead to an increased read load which may impact other processes and systems in the installation. This has been fixed by providing functionality to calculate missing file checksums on demand.

54376 Core mail configuration not reloadable

Various variables can be set at but could not be re-loaded into the system without a restart. This has been changed to allow reloadable configuration properties.

54349 Edge crashes on large attachments

Too much memory and CPU usage by canvas resize. Integrate canvas resize into our lazyload mechanism so not every picture is processed simultaneously to solve this issue.

54348 Attachment filename wrong when forward email

Building the forwarded mail calling setHeader erased the header information about file name. This has been solved by calling setHeader first and set the file name header afterwards.

54311 Unable to send mail with onboard external account as sender

A SMTP server which responds with non standards-compliant multi-line greeting on socket connect messed up parsing of server’s capabilities. This has been solved by dealing with multi-line greetings from SMTP server.

54262 No timeout message if loading modules fails

No error message on require timeout. This has been fixed by adding timeout message and reload option with longer timeout (30 seconds).

54252 Missing translation for calendar warnings

In case a calendar contains more than a configurable amount of appointments, we display a warning to the user that performance might be affected. This warning was not properly translated to Japanese, it has been translated now.

54232 File names are case sensitive

The filename reservation logic recorded possibly conflicting filenames in a map using case-sensitive keys. This has been solved by tracking possibly conflicting filenames ignoring case.

54181 Config-cascade inconsistency for value pairs

Certain value pairs where not correctly distributed by the config cascade mechanism, especially those related to services that use oAuth for authentication. We solved this by making those properties config-cascade aware.

54136 Incorrect permission restriction when moving folders in Drive

When moving/copying a folder from a external storage service to folder of the primary OX Drive storage service, a permission related error was thrown. This got solved by properly setting administrator privileges to the creator of a OX Drive folder while copying/moving in folders from external services.

54069 Fuzzy fallback for unsupported languages

In certain cases the frontend language did fall back to german instead of english. This got fixed by setting a explicit fallback to en_US if the browser provides a unsupported language and no previously set OX language cookie.

54067 Outdated “unsupported browsers” message

OX App Suite UI did display incorrect recommendations for mobile browsers when using such as a desktop browser. This has been solved and we’re now showing recommendations for mobile browsers only when using a mobile device.

54042 Unable to update dates with Japanese locale

When defining start/end dates at the calendar on mobile browsers, the supplied data did not get taken over to the appointment. This was caused by incompatibility of a date/time format library with specific languages and has been fixed by making sure the same date/time format is used at all related components.

53986 Missing translation for server shutdown message

When shutting down a middleware node, errors are expected and a notice is provided to logged-in users. This notice was not translated to Italian and has been updated.

53964 Incorrect translation for “Unread messages” in Japanese translation

Adjusted the translation to solve this.

53962 Japanese translation issues in Address Picker

Adjusted one translation and added a new translation to the Address Picker.

53959 An I/O error occurred: Connection reset by peer

Client/end-user abruptly aborts the HTTP connection while writing out the content of a ZIP archive. This has been solved by adjusting logging for common case when client/end-user abruptly aborts the HTTP connection.

53947 Monthly calendar view does not scroll to previous month

Previous month scrollposition was unreachable due to endless scrolling. This has been fixed by drawing an additional month if trying to scroll to the first drawn month.

53921 Missing folder labels in mail search results

Mail search results usually contain a pointer to where the mail is located, this was missing in some cases. We updated the timing behavior and search consistency for mail.

53916 Adding local files opens camera App on iOS

When using OX App Suite UI with Safari on iOS, the action to add a local attachment resulted in immediate launch of the camera App. We now trigger a selection menu which offers to either use the camera or access existing photos on the device.

53905 Inconsistent behavior between modules for external accounts handling

Button was shown although if no service is available.This has been fixed by adding check to show subscribe buttons only if there is a service available.

53900 Google Mail Account does not work after adding a second account

When updating an OAuth account (applying a new name), the enabled scopes was accidentally reseted.This has been solved by not touching OAuth account’s enabled scopes when updating its name.

53841 Mislocated “close” icon for Twitter widget

The “x” to close a widget is mislocated for the Twitter widget in case much content was displayed. This has been solved.

53838 Unable to add hyperlink to an image in mail compose

Once a inline image got added to mail compose, it could not be selected anymore to add a hyperlink. This has been solved by updating TinyMCE.

53795 POP3 External account: messages retrieved are duplicated

Certain POP3 server’s do not obey to advertise UIDLs with at max. 70 characters.This has been fixed by extending the “uidl” column in “pop3_storage_ids” and “pop3_storage_deleted” tables from 70 to 128 characters as some POP3 server advertise bigger UIDL values. An Updatetask will be triggered with this fix.

53790 Problem with executing SQL: Deadlock found when trying to get lock

Possible dead lock situation through concurrent context create operations that imply to add data to “contextAttribute” table in context-associated payload database.This has been solved by adding retry strategy with exponential back-off and added optional lock to ‘contextAttribute’ table to ultimately serialize concurrent write operations. Whether the lock is supposed to be acquired is controlled through newly introduced “LOCK_ON_WRITE_CONTEXT_INTO_PAYLOAD_DB” property in file ‘’. Default is “false”.

53785 Unexpected icon when adding external storage

When adding a new external storage account, sometimes unexpected file icons are temporary used which are left-overs of a “busy” indicator. Those will not be shown anymore.

53694 Huge “feedback” label in Japanese

The “Feedback” label contained very long text in its Japanese translation. This has been solved.

53690 Fields considered for sorting / categorizing contacts inconsistent

A contact’s (yomi-) firstname was not taken into account during sort name generation in case no (yomi-) lastname was set.This has been solved by using combination of (yomi-) last- and firstname per default as sort name.

53689 Yomi fields not available / visible with non-Japanese language setting

Missing feature for other languages.Added new setting and feature to make yomi fields with other languages.

53688 Contacts with Katakana “yomi” fields are sorted and categorized as “other”

Only hiragana in sorting table.Extend table with katakana to solve the first part. When yomi was given with Half-width Katakana it is still not sorted correctly.

53671 Specific mails produced empty printouts

When printing specific mails that define CSS, the created print version did not show substantial content. This got fixed by dropping certain CSS elements from our whitelist that could lead to broken layouts. See Change #4204.

53649 Folder IDs were shown in PIM objects attachment details

For PIM objects with attachments we did show the hyperlinks pointing to OX Drive instead of the corresponding App. To avoid confusion we did visually remove those links as they provide almost no functionality.

53485 Missing documentation about guest groups

We did not describe what groups of guests are in general and how the differ from standard groups. This has been added to our online help.

53457 Unread counter not updating correctly

When moving a mail to the “Trash” folder, in some cases the unread counter was incorrectly updated. This has been solved by making such “move” operations more robust for the counter.

53454 A IMAP folder called “user” is visible

“user” folder remained in child listing of root folder. Orderly drop single namespace folders from LSUB collection to solve this issue.

53452 Missing creator information for resource conflicts

In business use-cases its helpful to understand which person create an appointment that blocks a resource. We’ve added a frontend configuration switch for this.

53437 Inconsistency for thumbnails and image preview

Certain file formats (tiff, psd, pbm) were shown as thumbnail preview while not being supported in image preview. To ensure consistency we added support for tiff and psd files to image preview.

53368 UI does not load but also not redirect to unsupported.html for MSIE 9.0

Latest code changes make IE9 unusable.Now sending MSIE 9 users to the unsupported HTML file.

53340 Appointment status of participant not updated via EAS

The list of confirmations was not part of the USM sync-state.USM syncs now the list of confirmations from the backend to solve this issue.

53260 Missing meeting response buttons with Windows Mobile

Invitations through EAS were confusing Windows Mobile 10 due to their participant list. We’ve updated the binary XML to simulate behavior closer to an Exchange server.

53233 No appropriate folder storage for tree identifier “0” and folder identifier “label”

Used dummy folder_id ‘label’.This has been fixed by using ‘virtual/label’ now to avoid that an invalid ID is used in server requests.

53169 Multiple SOAP events are generated when modifying recurring appointment

When changing a timeframe of a appointment exception by using drag and drop repeatedly, multiple event notifications are sent. This affects a specific calendar “integration” and has no impact to typical usage.

53157 Missing meeting response buttons with iOS

Invitations through EAS were confusing iOS due to their participant list. We’ve updated the binary XML to simulate behavior closer to an Exchange server and send the MeetingStatus node.

53100 Mail is not beeing displayed, blocking other from beeing displayed in INBOX

This was due to missing recovery for an unsupported character-encoding.This has been solved by handling possible unsupported character-encoding.

52798 Missing appointments in Outlook

In special cases, a list of deleted change exceptions for recurring appointments was provided by Outlook to USM, which led to an exception and subsequently incomplete sync. This got fixed by considering this case.

52764 Documentconverter allows conversion without ‘document_preview’ capability

Files API handles .csv files differently whether we check for the file extension or the mime type.This has been fixed by checking directly for view model type instead of using the mime type based files API methods.

52756 Twitter can not be configured anymore;Case-sensitive look-up for an OAuth API: “Twitter” is not equal to “twitter”

Case-sensitive look-up for an OAuth API: “Twitter” is not equal to “twitter”.Perform ignore-case look-up by OAuth API identifier to solve this issue.

52719 Prefetched documents are not used by the viewer

In some cases like PDF source content or previously rendered files, a ManagedFile was returned although the request contained an async flag. This has been solved by ignoring ManagedFiles at all whenever async flag is set at request and return a JSON Object with element {“async”:true} in such cases.

52637 Unable to print encrypted mails

Encrypted mails could not be printed after decrypting. This has been fixed.

52470 Incorrect detection of users USM capabilities

In certain cases a users capabilities to use USM and related sync implementations got incorrectly detected. We solved that by sticking to the advertised module access permissions instead of dynamically resolving it.

52107 Different display of name with comma;Parentheses were rigorously dropped from address strings.Solution: Keep parentheses in quoted personal part

e.g. “Doe, Jane (JD)”

51967 Missing distribution lists in Outlook

When syncing Outlook using USM, certain amounts and combinations of contacts and distribution lists could lead to a situation where only a subset of contacts but not all distribution lists got synced. This has been solved by sorting the type of object (contact, distribution list) prior to performing the sync operation. This way the kind of objects retrieved at the client side stays consistent in case the total amount of objects exceeds the chunk size for one sync operation.

51594 Drive opens wrong files directly after upload - wrong link in UI

indexing mismatch between the DOM nodes representing the file items and the model entries holding the file data.This has been solved by fixing the sort method.

51575 Runtime exception when using DEBUG log level

In case DEBUG level logging is performed, log entries regarding database access could cause NullPointer
. This has been solved by making log output safer.

51462 Full-day appointments could not be converted with Lightning

When using Thunderbird/Lightning and CalDAV of OX App Suite, full-day appointments could not be converted back to normal appointments using the CalDAV client. The reason for this was a client-specific CalDAV header used to indicate full-day appointments which caused issues with Lightning. We removed this header if the associated user-agent does not expect it.

51093 “Switch to parent folder” leads to hidden root for external storages

The root folder is “9” for Drive, but for external storages it is “1”. When the root is reached, the overview is shown. The check if the root is reached only considered “9” and therfor did not work when using external storage accounts. This has been fixed by checking also for folder id “1” for external storages.

51091 Upload to external filestorage account folder does not abort if overquota and fails

Missing error handling for overquota in multiple file upload.This has been solved by checking error FLS-0024 and stop queue if this error appears. Also check for rate limit error. If one of those errors appear, the upload queue stops and removes all files from the queue.